I have a Cisco ASA firewall. I would like to have secured internet access through a client-to-site VPN. I have configured the following:
Inside interface: 192.168.2.0/24
DMZ1 --> 192.168.3.0/24. This interface connects to the internal interface of the VPN box.
DMZ2 --> 192.168.4.0/24. This interface connects to the external interface of the VPN box.
Outside --> 192.168.6.1 is the interface IP, and for testing I placed a workstation with IP address 192.168.6.2 to test the connectivity.
From inside I connected my system to 192.168.3.2 (VPN box inside IP address), got authenticated and in fact got an IP address from the VPN pool 192.168.9.0/24.
When I try to ping 192.168.6.2 (the system placed on the outside interface) I am not able to reach it.
For communication between inside and DMZ1 for VPN authentication I configured the following:
static (inside,DMZ1) 192.168.2.0 192.168.2.0
access-list dmzin permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0
access-group dmzin in interface DMZ1
The above statements work fine, since I am able to connect to the VPN box.
In the router I added the statement for the reverse route:
route DMZ2 192.168.9.0 255.255.255.0 192.168.4.2 (external leg of the VPN box, connected to DMZ2 of the ASA)
I am able to ping 192.168.9.x (VPN pool IP address) from the ASA box, and hence communication is happening from ASA --> DMZ2 --> VPN box --> DMZ1 --> inside.
When I give:
access-list outbound permit ip any any
access-group outbound in interface outside
I am able to reach the outside system (192.168.6.2) without having NAT or PAT in place. Other than this command, any command with source and destination defined is not working.
Can someone guide me on how I could proceed to make sure that only after connecting through the VPN should I be able to access the internet?
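The following is an added example configuration, not part of the original post and not verified against the poster's device. It uses the same pre-8.3 ASA syntax as the post (static/global/nat and route forms) and the interface names and addresses given above; the ASA's own DMZ2 interface address, the ACL names insidein, dmz2in and outside_in, and the assumption that the VPN box's external leg default-routes to the ASA's DMZ2 address are mine. The idea is to let inside hosts reach only the VPN box, to let only traffic already decrypted by the VPN box (sourced from the 192.168.9.0/24 pool, arriving on DMZ2) go to the internet, and to stop relying on a "permit ip any any" on the outside interface by inspecting ICMP statefully so echo replies are allowed back on their own.

```cisco
! Added example (ASA 8.2-style syntax); names and the VPN box default route are assumptions.

! 1. Inside hosts may only talk to the VPN box inside leg (192.168.3.2).
!    Everything else from inside, including direct internet access, is dropped.
access-list insidein extended permit ip 192.168.2.0 255.255.255.0 host 192.168.3.2
access-list insidein extended deny ip any any log
access-group insidein in interface inside

! 2. Existing rule from the post: the VPN box inside leg may reach inside hosts.
access-list dmzin extended permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0
access-group dmzin in interface DMZ1

! 3. Only decrypted traffic, i.e. sourced from the VPN pool and arriving on DMZ2
!    from the VPN box external leg, may go to the internet.
access-list dmz2in extended permit ip 192.168.9.0 255.255.255.0 any
access-list dmz2in extended deny ip any any log
access-group dmz2in in interface DMZ2

! 4. Return path for the pool (same route as in the post): it lives behind the
!    VPN box external leg 192.168.4.2 on DMZ2.
route DMZ2 192.168.9.0 255.255.255.0 192.168.4.2
! Assumption: the VPN box external leg itself default-routes to the ASA's
! DMZ2 interface address (not given in the post).

! 5. Hide the pool behind the outside interface address so the outside hop
!    never has to route 192.168.9.0/24 back (required if nat-control is on).
global (outside) 1 interface
nat (DMZ2) 1 192.168.9.0 255.255.255.0

! 6. Track ICMP statefully. Without "inspect icmp" the ASA does not match echo
!    replies to outgoing requests, which is why a "permit ip any any" on the
!    outside interface was needed for the ping to succeed.
policy-map global_policy
 class inspection_default
  inspect icmp

! 7. Outside interface: nothing unsolicited is allowed in. Replace the
!    "permit ip any any" with an explicit deny (logged for visibility).
access-list outside_in extended deny ip any any log
access-group outside_in in interface outside
```

Check it with "show access-list" (hit counts on insidein and dmz2in), "show xlate" for the pool translations, and "packet-tracer input DMZ2 icmp 192.168.9.10 8 0 192.168.6.2" versus "packet-tracer input inside icmp 192.168.2.10 8 0 192.168.6.2"; the first should be allowed and the second dropped by the insidein ACL, which is exactly the "internet only through the VPN" behaviour asked for.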